AMENDMENTS TO THE CLAIMS 



This listing replaces all prior versions and listings of claims in the application: 

1 . (Currently amended) A method for linguistic analysis comprising: 
receiving a user selection of at least one category from a list of pre-defined 

categories , wherein the categories include complex aggregate behavior with a 
plurality of triggers in a hierarchical relationship and at least one of the plurality of 
triggers is a trigger for another of the plurality of triggers: 

preparing data; a nd scor i ng th o data based on th e us e r s ele ct e d cat e gory to 
produc e a tal l y, pr e p a r i ng th e data i nc l ud i ng: by collecting the data from at least one 
of a data stream, a file system, and a database; and part i tion i ng th e data, and 

evaluating and scoring the data for the selected at least one category based 
on the complex aggregate behaviour. 

2. (Original) The method of claim 1, further comprising receiving a custom 
category definition from the user, scoring the data further based on the custom 
category definition. 

3. (Original) The method of claim 2, wherein the custom category is dependent 
upon the user-selected category. 

4. (Currently amended) The method of claim 1 , further comprising: 
determining whether the user-selected category is a hit based on the tally; 

and 

performing at least one predetermined action where it is determined that the 
user-selected category is a hit. 

5 (Original) The method of claim 4, wherein determining is based on at least 
one of threshold scoring and Boolean logic scoring. 

6. (Original) The method of claim 4, wherein the predetermined action is at least 
one of blocking access, alerting an administrator, and logging data. 
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7. (currently amended) A m e thod for The method of linguistic analysis of claim 
I. wherein the step of evaluating and scoring the data comprises a plurality of 
computations and the method further comprises: 

dynamically re-ordering the computations, compris i ng d e f i ning comp le x 
aggr e gat e b e hav i our w i th a p l urality of tr i gg e rs in a hi e rarch i ca l r el at i onsh i p. 

8. (Original) The method of claim 7, wherein defining complex aggregate 
behavior includes associating a score with each of the plurality of triggers. 

9. (Original) The method of claim 8, wherein defining complex aggregate 
behavior further includes applying at least one of an addition operator, a subtraction 
operator, a multiplication operator and a division operator to the score associated 
with at least one of the plurality of triggers. 

10. (Original) The method of claim 8, wherein defining complex aggregate 
behavior further includes applying a negation operator to the score of at least one of 
the plurality of triggers. 

1 1 . (Original) The method of claim 7, wherein defining complex aggregate 
behavior includes associating a pattern tuple with at least one of the plurality of 
triggers. 

1 2. (Original) The method of claim 1 1 , further comprising simplifying the complex 
aggregate behavior by combining two or more triggers having the same associated 
pattern tuple. 

13. (Original) The method of claim 7, wherein defining complex aggregate 
behavior includes associating a list of pre-requisite triggers, scores for each of the 
pre-requisite triggers, and negation status with at least one of the plurality of 
triggers. 

14. (Original) The method of claim 13, further comprising simplifying the complex 
aggregate behavior by combining two or more triggers having the same associated 
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list of pre-requisite triggers, scores for each of the pre-requisite triggers, and 
negation status. 

1 5. (Original) The method of claim 7, wherein defining complex aggregate 
behavior includes associating at least one of a plurality of actions with at least one 
of the plurality of triggers. 

16. (Original) The method of claim 15, further comprising simplifying the complex 
aggregate behavior by not resolving any of the plurality of triggers that are not 
associated with at least one of the plurality of actions. 

17. (Original) A method for linguistic analysis comprising: 
receiving data; 

setting a tally for a containing trigger equal to zero; 
ordering a plurality of pre-requisite triggers based on decreasing absolute 
value of a score associated with each of the plurality of pre-requisite triggers; and 
selecting one of the plurality of pre-requisite triggers based on the order. 

18. (Original) The method of claim 17, further comprising: 

determining whether the selected one of the plurality of triggers is a hit; 

if the selected one of the plurality of triggers is a hit, updating the tally by 
adding to the tally the score associated with the selected one of the plurality of 
triggers; 

determining whether the updated tally less the sum of absolute values of 
scores associated with each unresolved trigger within the plurality of pre-requisite 
triggers is greater than a predetermined threshold; and 

if the updated tally less the sum of absolute values of scores associated with 
each unresolved trigger within the plurality of pre-requisite triggers is greater than 
the predetermined threshold, resolving the containing trigger as a hit. 

19. (Original) The method of claim 18, further comprising: 

if the updated tally less the sum of absolute values of scores associated with 
each unresolved trigger within the plurality of pre-requisite triggers is not greater 
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than the predetermined threshold, determining whether each of the pre-requisite 
triggers have been selected; and 

if each of the pre-requisite triggers have been selected, resolving the 
containing trigger as a non-hit. 

20. (Original) A method for linguistic analysis comprising: 

defining a category having a first pre-requisite trigger and a second pre- 
requisite trigger; 

receiving a first data set; 

determining whether the first pre-requisite trigger is a hit based on the first 
data set; 

if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero; 

if the score of the first pre-requisite trigger is greater than zero, determining 
whether the second pre-requisite trigger is a hit based on the first data set; 

if the second pre-requisite trigger is a hit, determining whether a score of the 
second pre-requisite trigger is greater than zero; and 

if the score of the second pre-requisite trigger is greater than zero, resolving 
the category as a hit with respect to the first data set. 

21 . (Original) The method of claim 20, further comprising: 

if the first pre-requisite trigger is a hit, increasing an Avoid Evaluation Of This 
Trigger (AEOTT) rating associated with the first pre-requisite trigger. 

22. (Original) The method of claim 21 , further comprising: 
receiving a second data set; 

determining whether the second pre-requisite trigger is a hit based on the 
second data set; 

if the second pre-requisite trigger is a hit, determining whether a score of the 
second pre-requisite trigger is greater than zero; 

if the score of the second pre-requisite trigger is greater than zero, 
determining whether the first pre-requisite trigger is a hit based on the second data 
set; 
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if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero; and 

if the score of the first pre-requisite trigger is greater than zero, resolving the 
category as a hit with respect to the second data set. 

23. (Currently amended) A method for linguistic analysis comprising: 
defining a category having a first pre-requisite trigger and a second pre- 
requisite trigger; 

receiving a first data set; 

determining whether the first pre-requisite trigger is a hit based on the first 
data set; 

if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero; 

if the score of the first pre-requisite trigger is greater than zero, resolving the 
category as a hit with respect to the first data set set; 

if the first pre-requisite trigger is not a hit, determining whether the second 
pre-requisite trigger is a hit based on the first data set; 

if the second pre-requisite trigger is a hit, determining whether a score of the 
second pre-requisite trigger is greater than zero; and 

if the score of the second pre-requisite trigger is greater than zero, resolving 
the category as a hit with respect to the first data set. 

24. (Original) The method of claim 23, further comprising: 

if the first pre-requisite trigger is a hit, decreasing an Avoid Evaluation Of This 
Trigger (AEOTT) rating associated with the first pre-requisite trigger. 

25. (Original) A method for linguistic analysis comprising: 

initializing a Avoid Evaluation Of This Trigger (AEOTT) rating for a pre- 
requisite trigger; 

resolving the pre-requisite trigger based on a first data set; 

determining whether resolving the pre-requisite trigger caused an early exit; 

if resolving the pre-requisite trigger caused an early exit, decreasing the 
AEOTT rating; and 
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if resolving the pre-requisite trigger did not cause an early exit, increasing the 
AEOTT rating. 

26-27. (cancelled) 

28. (Original) A machine-readable medium having instructions stored thereon for 
execution by a processor, the instructions configured to perform a method 
comprising: 

receiving data; 

setting a tally for a containing trigger equal to zero; 
ordering a plurality of pre-requisite triggers based on decreasing absolute 
value of a score associated with each of the plurality of pre-requisite triggers; and 
selecting one of the plurality of pre-requisite triggers based on the order. 

29. (Original) A machine-readable medium having instructions stored thereon for 
execution by a processor, the instructions configured to perform a method 
comprising dynamically re-ordering a plurality of pre-requisite triggers, re-ordering 
based on a likelihood in each of the plurality of pre-requisite triggers to cause an 
early exit during resolution of a category containing the plurality of pre-requisite 
triggers. 
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